Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Servers :: wsphere6.htm

IBM WebSphere can be tricked into delivering any JSP file



Vulnerability

    WebSphere

Affected

    IBM WebSphere

Description

    'mhalls' found following.   When IBM WebSphere application  server
    shares the same document root as Netscape Enterprise server it  is
    possible for a malicious  user to view to  view the source of  any
    JSP file in the document root.

    WebSphere's plugin  for Netscape  Enterprise server  uses the host
    header sent  from the  client browser  to determine  if it  should
    intercept a request by matching  the host header against its  list
    of "host aliases" configured in  WebSphere.  By changing the  host
    header  to  a  value  that  WebSphere  doesn't expect bypasses the
    plugin allowing the JSP file to be delivered as a regular file  by
    Netscape Enterprise server.

    Configure your hosts file to point a random name to the IP address
    of the server and then point your browser to

        http://randomhostname/somejspfile.jsp

    If the randomhostname is not in WebSphere's list of hosts  aliases
    it will be served as a regular file.

Solution

    Change  to  document  root  of  WebSphere  to point to a different
    location than  the Netscape  Enterprise Server  document root  and
    move all JSP files to the new location.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH